diff options
Diffstat (limited to 'trusty_gatekeeper.cpp')
-rw-r--r-- | trusty_gatekeeper.cpp | 121 |
1 files changed, 104 insertions, 17 deletions
diff --git a/trusty_gatekeeper.cpp b/trusty_gatekeeper.cpp index 1c4b5e6..99c466e 100644 --- a/trusty_gatekeeper.cpp +++ b/trusty_gatekeeper.cpp @@ -262,7 +262,7 @@ bool TrustyGateKeeper::GetFailureRecord(uint32_t uid, if (secure) { return GetSecureFailureRecord(uid, user_id, record); } else { - return GetMemoryRecord(user_id, record); + return GetMemoryRecord(uid, user_id, record); } } @@ -320,7 +320,7 @@ bool TrustyGateKeeper::WriteFailureRecord(uint32_t uid, if (secure) { return WriteSecureFailureRecord(uid, record); } else { - return WriteMemoryRecord(record); + return WriteMemoryRecord(uid, record); } } @@ -330,44 +330,45 @@ bool TrustyGateKeeper::IsHardwareBacked() const { void TrustyGateKeeper::InitMemoryRecords() { if (!mem_records_.get()) { - failure_record_t* mem_recs = new failure_record_t[MAX_FAILURE_RECORDS]; + mem_failure_record_t* mem_recs = new mem_failure_record_t[MAX_FAILURE_RECORDS]; memset(mem_recs, 0, sizeof(*mem_recs)); mem_records_.reset(mem_recs); num_mem_records_ = 0; } } -bool TrustyGateKeeper::GetMemoryRecord(secure_id_t user_id, +bool TrustyGateKeeper::GetMemoryRecord(uint32_t uid, secure_id_t user_id, failure_record_t* record) { InitMemoryRecords(); for (int i = 0; i < num_mem_records_; i++) { - if (mem_records_[i].secure_user_id == user_id) { - *record = mem_records_[i]; - return true; + if (mem_records_[i].uid == uid) { + if (mem_records_[i].failure_record.secure_user_id == user_id) { + *record = mem_records_[i].failure_record; + return true; + } + TLOGE("Error:[%" PRIu64 " != %" PRIu64 "] mismatched SID for uid %u.\n", + mem_records_[i].failure_record.secure_user_id, user_id, uid); + return false; } } - record->secure_user_id = user_id; - record->failure_counter = 0; - record->last_checked_timestamp = 0; - - return true; + return false; } -bool TrustyGateKeeper::WriteMemoryRecord(failure_record_t* record) { +bool TrustyGateKeeper::WriteMemoryRecord(uint32_t uid, failure_record_t* record) { InitMemoryRecords(); int idx = 0; int min_idx = 0; uint64_t min_timestamp = ~0ULL; for (idx = 0; idx < num_mem_records_; idx++) { - if (mem_records_[idx].secure_user_id == record->secure_user_id) { + if (mem_records_[idx].uid == uid) { break; } - if (mem_records_[idx].last_checked_timestamp <= min_timestamp) { - min_timestamp = mem_records_[idx].last_checked_timestamp; + if (mem_records_[idx].failure_record.last_checked_timestamp <= min_timestamp) { + min_timestamp = mem_records_[idx].failure_record.last_checked_timestamp; min_idx = idx; } } @@ -379,8 +380,94 @@ bool TrustyGateKeeper::WriteMemoryRecord(failure_record_t* record) { num_mem_records_++; } - mem_records_[idx] = *record; + mem_records_[idx].uid = uid; + mem_records_[idx].failure_record = *record; return true; } +gatekeeper_error_t TrustyGateKeeper::RemoveUser(uint32_t uid) { + bool deleted = false; + + // Remove from the in-memory record + if (mem_records_.get()) { + int idx = 0; + for (idx = 0; idx < num_mem_records_; idx++) { + if (mem_records_[idx].uid == uid) { + memset(&mem_records_[idx], 0, sizeof(mem_failure_record_t)); + deleted = true; + } + } + } + + storage_session_t session; + int rc = storage_open_session(&session, STORAGE_CLIENT_TD_PORT); + if (rc < 0) { + TLOGE("Error: [%d] opening storage session\n", rc); + return ERROR_UNKNOWN; + } + + char id[STORAGE_ID_LENGTH_MAX]; + memset(id, 0, sizeof(id)); + snprintf(id, STORAGE_ID_LENGTH_MAX, GATEKEEPER_PREFIX "%u", uid); + + rc = storage_delete_file(session, id, STORAGE_OP_COMPLETE); + if (rc < 0) { + // if the user's record was added to memory, there may not be a + // record in storage, so only report failures if we haven't already + // deleted a record from memory. + storage_close_session(session); + return deleted ? ERROR_NONE : ERROR_UNKNOWN; + } + storage_close_session(session); + + return ERROR_NONE; +} + +gatekeeper_error_t TrustyGateKeeper::RemoveAllUsers() { + + storage_session_t session; + int rc = storage_open_session(&session, STORAGE_CLIENT_TD_PORT); + if (rc < 0) { + TLOGE("Error: [%d] opening storage session\n", rc); + return ERROR_UNKNOWN; + } + + storage_open_dir_state *state; + rc = storage_open_dir(session, "", &state); + + while (true) { + uint8_t dir_flags = 0; + char name[STORAGE_ID_LENGTH_MAX]; + rc = storage_read_dir(session, state, &dir_flags, name, STORAGE_ID_LENGTH_MAX); + if (rc < 0) { + TLOGE("Error:[%d] opening storage dir.\n", rc); + storage_close_session(session); + return ERROR_UNKNOWN; + } + if ((dir_flags & STORAGE_FILE_LIST_STATE_MASK) == STORAGE_FILE_LIST_END) { + break; + } + if (!strncmp(name, GATEKEEPER_PREFIX, strlen(GATEKEEPER_PREFIX))) { + storage_delete_file(session, name, 0); + if (rc < 0) { + TLOGE("Error:[%d] deleting storage object.\n", rc); + storage_close_session(session); + return ERROR_UNKNOWN; + } + } + } + storage_close_dir(session, state); + rc = storage_end_transaction(session, true); + if (rc < 0) { + TLOGE("Error:[%d] ending storage transaction.\n", rc); + storage_close_session(session); + return ERROR_UNKNOWN; + } + storage_close_session(session); + + num_mem_records_ = 0; + + return ERROR_NONE; +} + } // namespace gatekeeper |